[asterisk-users] Anyone used WatchGuard SIP ALG?

Eric Wieling EWieling at nyigc.com
Tue Apr 22 11:20:19 CDT 2014


I would be very surprised if anyone uses WatchGuard SIP ALG. For the past 12 years the advice has always been "Disable SIP ALG and let Asterisk do the NAT fixup itself" on any firewall, regardless of brand. I wish you the best of luck.

-----Original Message-----
From: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Tony Mountifield
Sent: Tuesday, April 22, 2014 12:12 PM
To: asterisk-users at lists.digium.com
Subject: Re: [asterisk-users] Anyone used WatchGuard SIP ALG?

In article <CAHE6+j3hb5d8mJfY69F73TVwZus9ZAQrDakt4+iW+tx58_uZ=g at mail.gmail.com>,
Ishfaq Malik <ish at pack-net.co.uk> wrote:
> On 22 April 2014 16:24, Tony Mountifield <tony at softins.co.uk> wrote:
> 
> > Has anyone here used Asterisk inside a WatchGuard firewall, talking 
> > via the WatchGuard SIP Application Layer Gateway to an outside SIP service?
> >
> > I have a customer doing just that, and I am 100% convinced there is 
> > a bug in the ALG regarding the media port number it inserts into the 
> > SDP when it rewrites it. However, either they or WatchGuard will not 
> > accept there is a bug, despite my very detailed description of it.
> >
> > So if anyone else has any experience of using this product, I'd be 
> > very interested to hear from you. Thanks!
> >
> Just about every SIP ALG (WatchGuard included) makes things worse or
> simply not work.

Maybe, but that doesn't mean the concept is flawed. It should be possible to do it correctly.

> Have you tried to simply disable it?

Yes, the customer has tried that, but since NAT is involved, the lack of SDP rewriting means that the media streams do not get routed correctly.

But I am specifically looking for people with experience of this particular product, rather than for general advice, as I am seeking support for my assertion that it has a specific bug that the vendor needs to acknowledge and fix.


